You might think online communication is private. But actually, your messages are particularly easy to intercept today.
Both email and modern communication platforms like Microsoft Teams use encryption, but that doesn’t automatically mean your messages are completely secure. End-to-end encryption (E2EE) is the technology that ensures privacy.
While E2EE is ubiquitous in the consumer landscape, business technology lags somewhat behind. We’ll look at how both your email traffic and Teams conversations are encrypted.
History of Email
Email is built on an old protocol called simple mail transfer protocol (SMTP) that was developed for a less advanced internet than we know today. Everything was sent in plain text: anyone who had access to the intermediate systems could read along. That protocol still exists but has been modernized over the years.
read also
How Does End-To-End Encryption Work for our Online Communication?
Transport encryption (TLS) was added later, ensuring that email was no longer sent in plain text. But that’s not a complete solution. Your email is secured between you and the server, and between servers, but not on those servers themselves. The email application sending the mail can, in principle, open, read, copy, or even modify your email, and you can’t do anything about it. A hacker with access to the server could also take advantage of this.
The Role of End-To-End Encryption
E2EE ensures that a message is encrypted at the sender and only decrypted at the recipient. No other party has access to the content. Only the sender and recipient have the correct digital keys.
Digital keys? You might not know them as an end user. They’re comparable to passkeys: each person or device has a public key and a private key. You encrypt your email with the recipient’s public key. Only their private key can make the message readable again. The sender’s key is therefore useless to others.
For everyday conversations, standard security may be sufficient, but E2EE is necessary for sensitive communication.
There is a significant drawback: because even your mail server can’t read the content anymore, you lose some functions like automatic filters, search capabilities, or recovery after loss. That’s why E2EE is mainly used today for sensitive communication, such as customer data or financial information. TLS serves as an extra security layer and is mainly used for secure connections between servers, while E2EE encrypts your data on top of that.
Microsoft Teams: Encryption versus End-To-End Encryption
With tools like Microsoft Teams, there’s also a difference between standard encryption and end-to-end encryption. By default, Teams uses TLS and secure real-time transport protocol (SRTP) to secure data between the user and Microsoft’s servers. This provides a good foundation, but Microsoft manages the keys and could theoretically access the content.
E2EE goes a step further: only the two devices at the endpoints of the conversation possess the keys to decrypt the communication. Even Microsoft can’t read or listen to the conversations.
Since 2022, E2EE has been available for one-on-one video calls in Teams. Group meetings, chat messages, or screen sharing are (currently) not included. During an E2EE call, several features are also disabled, such as live captioning and recording. Security here comes at the cost of some functionality.
When Do You Need E2ee?
Whether you’re emailing or meeting via Teams: you’re always using encryption, just not in the same form. For everyday messages, transport encryption is good enough. But when sensitive data is shared, for example with financial data, customer information, or strategic plans, E2EE is a necessary additional layer of protection. You often need to enable this yourself in the settings if the application or platform supports it.
It’s notable that both communication tools like Teams (or Slack) and email lag behind compared to consumer chat applications. Signal, for example, provides end-to-end encryption by default, as does WhatsApp, which uses the Signal protocol.
Conclusion
End-to-end encryption is a powerful technology that ensures only the intended recipient has access to the content. Both in email and tools like Microsoft Teams, E2EE offers extra security, although it sometimes results in reduced usability. It therefore remains a conscious choice: for everyday conversations, standard security may be sufficient, but for sensitive communication, E2EE is necessary.